Wearables Adoption Rises, Security Concerns Grow

Wearable technology shows tons of promise: Consumers can use smartwatches for completing retail transactions with mobile payment apps; banks can provide wearable apps for account management; and security purposes and corporations can arm their employees with quick and easy access to enterprise applications thanks to a variety of different devices. Many individuals realize this potential, and as such, wearables are slowly but surely becoming everyday technologies for many American shoppers and workers.

According to an analysis conducted by eMarketer in October 2015, almost 40 million American citizens over the age of 18 have used either a smartwatch – such as the Apple Watch – or a fitness tracker – like the Fitbit. While that might only be around 16 percent of adults in the U.S., adoption rates of wearables have more than doubled in the past year alone. And eMarketer forecasts even more growth in 2016, predicting that around 64 million Americans will own a wearable device by the end of this year.

When it comes to smart wearables specifically – those that are similar to the Apple Watch, Samsung Gear and even the Oculus Rift – IDC estimated that there will be 38 million of them shipped to retail stores and ecommerce sites in 2016 alone, but that was based on 2014's numbers. Therefore, it's likely that upwards of 70 million Americans will have a wearable wrapped around their wrists by the beginning of 2017.

Around 64 million Americans will own a wearable device by the end of this year.

Many devices, many attack vectors

While the future certainly is bright for wearables and the apps that run on them, cybersecurity is a major concern – or at least it should be for both brands and consumers. For one thing, with almost 70 million new devices connected to the Internet, there are 70 million new attack vectors that hackers can exploit. Secondly, wearables are likely to play a key role in the adoption of mobile payment services, which means that they'll have access to a wealth of payment card data and other personal information. Doug Pollack, chief security officer at ID Experts, explained these sentiments in a blog post on HealthcareITNews.

"I see the explosion of wearable devices as a likely new area for potential privacy concerns," Pollack said, according to the source. "Just as with mobile devices, wearables are likely to expose new security threats, while getting real-time access to new types of data about individuals that has not been captured before. Especially as new applications are deployed on these devices, there will be unintended consequences when it comes to the protection and privacy of the user's personal data."

In fact, We Live Security's Stephen Cobb listed all of the ways that hackers can steal data when wearables are involved. Some of those attack vectors are inherent in the age of connectivity, such as Bluetooth connections, Wi-Fi and 4G, but other components of wearables will also introduce vulnerabilities: apps, app analytics systems, device firmware, Web browsers, APIs and even the backend infrastructure supporting them, such as the cloud. Or, a hacker could just steal a device.

Time to get innovative with cybersecurity

Therefore – and this is obvious – brands that hope to offer a wearable mobile app must take cybersecurity seriously. This is only exacerbated when businesses and banks are developing mobile payment apps for these devices.

Experts recommend investing in end-to-end encryption, and this is a great approach. But security is multi-layered, and one solution isn't likely to solve all wearable cybersecurity and privacy concerns. Encryption isn't going to prevent fraud or stop hackers from taking control of wearable devices remotely. As such, brands and developers need to get help from experienced partners to inject innovative security strategies into their wearable and payment app initiatives.

But don't forget the end user

PaymentsSource contributor Alex Bray asserted that retailers and banks should focus on seamless customer experiences when approaching wearable security. These devices have capabilities built in that could make securing personal data easier than some think. For example, Bray highlighted geolocational features as a means of protecting payment data. This would entail verifying consumers' physical locations or proximity to other devices before transactions are approved. That way, end users don't have to do anything themselves.

Then there's biometric security, which can perform multiple authentication techniques to guarantee the identity of a user. PSFK reported on Nymi, a new smart wearable that relies on consumers' fingerprints and heartbeats to verify identities. While Nymi plans to replace a PIN, brands could use them in conjunction. After all, true multi-factor authentication requires something that users own – a heartbeat for example – as well as something that they know – a password.

If brands and banks hope to have high adoption rates when it comes to their wearable apps, then they need to invest in strong cybersecurity. Often this falls out of the scope of a typical development team, but that's where trusted partners can help. After all, companies shouldn't expect to revolutionize mobile and wearable security when their core competencies are in different sectors.